Another four healthcare providers have issued HIPAA breach notifications in relation to the Blackbaud ransomware attack and data breach.
Just after the Northwestern Memorial HealthCare group revealed that the personal information of 55,983 clients had been impacted, an additional three breaches of 179,189, 52,500 and 22,718 at MultiCare Health System, Spectrum Health Lakeland Foundation and Richard J. Caron Foundation, respectively, have been revealed on the OCR’s breach portal.
This comes after previous breaches at Northern Light Health Foundation, Catholic Health, the University of Detroit Mercy, and Children’s Hospital of Pittsburgh Foundation were revealed to be related to the Blackbaud data breach.
The total number of individuals impacted is rapidly approaching 1 million, but it is not yet known whether all breached organizations have been identified.
The ransomware attack on Blackbaud was initiated around May 14, 2020, after access to its databases was gained early in the year. Blackbaud provides cloud services to healthcare groups globally. Luckily, the group’s public cloud service remained secured. The company maintains records for more than 25,000 non-profit organizations.
Blackbaud moved to restrict the damage that was carried out. Despite this, the hackers were able to steal a portion of data from Blackbaud’s self-hosted environment, including the platform used by many healthcare groups for engagement and fundraising. This data included the names of donors, people who had previously been present at fundraising functions.
Along with names, data including addresses, dates of birth, telephone numbers, and email addresses was impacted, and in some instances, donation details, donations and other donor profile information. For most impacted groups, highly sensitive information including bank account data, credit card details and Social Security numbers was not impacted.
Blackbaud published a release in relation to the breach, stating that the ransom demand was paid to unlock the data and mitigate any malicious use of the data stolen in the hack. It said: “Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly… We apologize that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”